Loading chat...
GA SB493
Bill
Status
Engrossed
3/12/2020
Primary Sponsor
Bruce Thompson
Click for details
AI Summary
- Establishes a legal safe harbor allowing businesses ("covered entities") to assert an affirmative defense against tort claims arising from data breaches of personal information, provided they maintain a written cybersecurity program with administrative, technical, and physical safeguards that reasonably conforms to an industry-recognized framework
- Defines "personal information" to include names combined with Social Security numbers, driver's license numbers, financial account numbers, passwords, student records, and medical information when not encrypted or redacted
- Requires that a qualifying cybersecurity program be scaled appropriately based on the entity's size, complexity, nature of activities, data sensitivity, available tools, and resources
- Provides an alternative path to the affirmative defense: a covered entity may qualify if it received a certification of adherence to a recognized security standard from an independent security assessment firm within 12 months prior to the breach
- Does not create a minimum cybersecurity standard or impose liability on businesses that do not comply; intended solely to incentivize voluntary adoption of stronger cybersecurity practices, with an effective date of July 1, 2020
Legislative Description
Selling and Other Trade Practices; legislative findings; standards for cybersecurity programs to protect businesses from liability; provide
Last Action
House Second Readers
6/15/2020
Full Bill Text
No bill text available